President Biden Urges U.S. Companies to Prepare for Cyberattacks

Written By Haley Metteauer

On March 21, 2022, the White House issued a fact sheet calling upon all businesses in the United States to take key steps to prevent cybersecurity incidents in light of recent increased sanctions being imposed on Russia by the U.S. and its allies.

According to the fact sheet, “[t]here is now evolving intelligence that Russia may be exploring options for potential cyberattacks.” In light of this potential emerging threat, the White House urges organizations to take the following steps “with urgency”:

  • Implement mandatory multi-factor authentication on operational systems;

  • Deploy security tools on computers and devices to continuously detect and notify of incidents;

  • Engage internal or external cybersecurity professions to inspect and ensure systems are patched and protected against known or predicted vulnerabilities;

  • Change the passwords across networks to prevent threat actors from utilizing previously stolen credentials;

  • Back up systems to save and protect data and ensure that offline backups are protected from malicious actors;

  • Run tests and exercises on emergency plans to respond quickly and efficiently to minimize the impact of any incident or attack;

  • Encrypt data so that it is useless if stolen or accessed;

  • Educate employees on common threat actor tactics, such as use of malware distributed by email or websites;

  • Encourage employees to report if their devices have been operating in an unusual manner, such as crashing or slow operations; and

  • Engage local FBI field office or CISA Regional Office employees to establish relationships prior to the occurrence of any cyber incident, which can be done by encouraging IT and security leadership employees to visit CISA and FBI websites for technical information and resources.

The fact sheet further encouraged technology and software companies to:

  • Build security into products from the ground up ("bake it in, don’t bolt it on”);

  • Develop software on a highly secure system that is accessible only to authorized individuals;

  • Utilize “modern tools,” such as automated technologies, for reviewing known or potential software vulnerabilities and taking action before these vulnerabilities can be taken advantage of;

  • Ensure that software developers know the origin of software components and libraries that are being used to build software and create a “software bill of materials” so that any vulnerabilities in these components can be quickly remedied; and

  • Implement the security practices mandated in the Executive Order, Improving our Nation’s Cybersecurity (EO 14028).

In a statement released in conjunction with the fact sheet, the White House stated “[t]his is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience.” The White House assured the public that they “will continue to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure.” However, they also emphasized that they could not “defend against this threat alone[,]” as the majority of “America’s critical infrastructure is owned and operated by the private sector.”

As such, businesses of all sizes and industries should review the White House's recommendations and should consider implementing them into their operations to ensure the safe and continued operations of their organization and many other organizations in the United States.   

Haley Metteauer
Previous

AG Issues New FOIA Guidelines Favoring Transparency and Disclosure
Next

NIST Moves to Update Cybersecurity Framework